Opened 7 years ago

Closed 7 years ago

#3250 closed Defect (Duplicate)

UI Security Issue with passwords

Reported by: adams_chad@… Owned by: timothy
Component: Colloquy (Mac) Version: 2.3 (Mac)
Severity: Major Keywords: security password ui


Issue: Potential to expose password to all in chat room.

Desc: durring connection to a IRC room, the server will verify your password stored. Some rooms will open and allow you to chat before your password is verified (tested on freenode)

If the password/account is not valid Colloquy will open a window to ask for your password input. THIS WINDOW IS NOT MODAL! it also fails to focus the input field.

When you type in your password, it actually types it into the chat room behind the auth popup exposing password to world.

Possible Recommended Fixes:

  1. made password popups modal
  2. focus password field

Change History (1)

comment:1 Changed 7 years ago by zach

  • Resolution set to Duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.